March 10, 2010

India’s cyber crime challenge

New Delhi, India — India’s profile and wealth have risen enormously in the world due to the constructive use of information technology. At the same time, India ranks fifth in the world for cyber crime, according to a report last year by the U.S.-based Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.

In fact, the report said that as India became home to the fourth highest number of Internet users in the world, cyber crime has been rising at more than 50 percent per year. A striking example of such crime was the attack on computers in the Indian prime minister’s office by Chinese hackers last December.

Investigators are still coming to terms with the extent of damage caused by that attack, as the hackers had targeted the cream of India’s national security setup: National Security Advisor M.K. Narayanan, Cabinet Secretary K.M. Chandrasekhar, the prime minister’s special envoy Shyam Saran and deputy National Security Advisor Shekhar Dutt. In addition, 26 others were also squarely in the crosshairs of the hacking attempt.

The timing of the espionage attempt led investigators to suspect the Chinese hackers of desperately trying to access any available data on India’s position at the Copenhagen Climate Summit being held at the time. It may be noted that until Indian Prime Minister Manmohan Singh arrived in Copenhagen on Dec. 17, Environment Minister Jairam Ramesh and Saran were singing different tunes.

But what has disturbed investigators most is that the Chinese hackers possibly had inside help. The possibility of a mole within the Indian establishment helping a foreign adversary is staring investigators in the face.

In March 2009, a China-based cyber spy network hacked into government and private systems in 103 countries, including many Indian embassies and the headquarters of the Dalai Lama. In May 2008, hackers from China attacked the website of India’s Ministry of External Affairs. Despite official denials, at least one website reported that hackers had stolen the identities and passwords of several Indian diplomats.

In the past three years, over 9,000 Indian websites have been at the mercy of an anti-India community. Hackers based beyond India’s borders have become a threat for the government.

Cyber attacks from across the border are not new to India. This happened for the first time when India was conducting nuclear tests at Pokhran in 1998 and hackers based in Pakistan attacked the websites of Zee News and India Today. GForce Pakistan and Pakistani Hackerz Club took responsibility for the intrusions and left behind threatening messages demanding that the nuclear tests be stopped.

After the terror attacks on the Indian Parliament in December 2001 and a massive troop standoff between India and Pakistan several hacking incidents were reported.

Pakistani hackers also targeted the Indian website http://www.armyinkashmir.com, which was providing factual information about daily events in the Kashmir Valley in 1999. Hackers posted photographs showing Indian security forces allegedly killing Kashmiri people and blamed the Indian government for “atrocities” there. Obviously, this had the intended impact in the valley.

In December 2008, the Indian Eastern Railways portal was hacked by Whackerz-Pakistan. The official website http://www.easternrailway.gov.in bore a strange look. When opened, the top scroll on the site, which normally consists of official announcements, had unusual notes. The first note read: “Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan (24 Dec-2008).”

The scene became grimmer after the terror attacks on Mumbai on Nov. 26, 2008. The Pakistan Cyber Army hacked into the websites of the Indian Institute of Remote Sensing, the Center for Transportation Research and Management, the Kendriya Vidyalaya of Ratlam – a chain of schools run by the Indian Army – and the Oil and Natural Gas Corporation of India. The damage took a long time to repair.

Even at the individual level cyber attacks are on the rise in India. According to the New Delhi police, in 2009 email hacking and cheating cases went up by 150 percent. It is said that Nigerian gangs are very active in India, particularly during festive seasons when massive purchases are transacted online, thanks to the system of credit cards and online bank accounts.

In India cyber crime comes under both the traditional Indian penal code and the Information Technology Act, 2000, which was amended in 2008. And here lies the confusion. Since policing is a matter of the state, and complaints have to be lodged with the local police, it all depends under which law the police register a case; it so happens that for the most part they prefer the age-hold penal code.

Local police are not conversant with the intricacies of the nationally legislated IT Act. But once a case is filed under the penal code, the method of investigation must follow certain guidelines that make it extremely difficult to prove most cyber crimes, experts say.

Even under the IT Act, investigations in India are not easy. This is mainly due to the lack of what is called “cyber forensics.” We know that forensic evidence is important in normal criminal investigations. But the collection and presentation of electronic evidence to prove cyber crimes have posed a challenge to investigation and prosecution agencies and the judiciary.

Cyber-related techno-legal acumen and knowledge are not well developed in India. These require a sound working and practical knowledge of information technology as well as relevant legal knowledge. Cyber laws, international telecommunications laws, cyber forensics, digital evidencing and cyber security pose difficult and sometimes hard to understand legal challenges to the courts. This explains why there are almost no convictions of cyber criminals in India. Judges in India must fill in this legal gap.

To sum up, India needs a good combination of laws and technology, in harmony with the laws of other countries and keeping in mind common security standards. In the era of e-governance and e-commerce, a lack of common security standards can create havoc for global trade as well as military matters.

Information technology is a double-edged sword that can be used for destructive as well as constructive work. It has now created a fifth dimension in addition to land, sea, air and space, though unlike the other four dimensions, it is completely made and controlled by humans.